You use GitHub, write code, and do other fun stuff. To improve the quality of your work and save time, you use a static analyzer. And then an idea comes to you: why not look at the warnings produced by the analyzer directly in GitHub, and in a nice-looking way? What do you do in this case? The answer is very simple. Your choice is SARIF. What it is and how to configure it is discussed in this article. Enjoy reading.
What is SARIF?
SARIF (Static Analysis Results Interchange Format) is a JSON-based format for exchanging static analysis results. Among others, it is supported by GitHub and Visual Studio Code.
Setting up GitHub
Open your repository and go to the "Security" tab.
Select "Code scanning alerts" and click "Set up code scanning".
Click "Set up this workflow".
A yml file (for example, upload-sarif.yml) is created with the following content:
name: "Upload SARIF"

# Run workflow each time code is pushed to your repository and on a schedule.
# The scheduled workflow runs every Sunday at 00:00 UTC.
on:
  push:
  schedule:
    - cron: '0 0 * * 0'

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # This step checks out a copy of your repository.
      - name: Checkout repository
        uses: actions/checkout@v2
      - name: Upload SARIF file
        uses: github/codeql-action/upload-sarif@v1
        with:
          # Path to SARIF file relative to the root of the repository
          sarif_file: results.sarif
Click "Start commit" and commit the workflow file (the default commit message is "Create upload-sarif.yml").
That's it! The repository is now ready to accept SARIF reports.
Getting a SARIF report
To get a SARIF report, we need a static analyzer that can produce it. In this article we use PVS-Studio together with PlogConverter.
First we need a project to analyze. Let's take a small C++ example. Something like this? :) Here it is:
#include <iostream>

void f(unsigned int ch)
{
    unsigned int chx = -1;
    if (ch >= 0x0fff0)
    {
        if ( !((ch >= 0x0FF10) && (ch <= 0x0FF19))
          || ((ch >= 0x0FF21) && (ch <= 0x0FF3A))
          || ((ch >= 0x0FF41) && (ch <= 0x0FF5A)))
        {
            ch = chx;
        }
    }
}

int main()
{
    std::cout << "error" << std::endl;
}
Now let's run PVS-Studio. Its command-line tool is "PVS-Studio_Cmd.exe"; it analyzes C++ and C# MSBuild projects on Windows. By default it is installed in "C:\Program Files (x86)\PVS-Studio".
Run the analysis with the following command:
PVS-Studio_Cmd.exe -t "D:\Use_SARIF_Example\BestProjectCpp.sln" \
-o "D:\Use_SARIF_Example\results.plog" -e "D:\Use_SARIF_Example\"
Let's go through the parameters. "-t" is the path to the project to analyze (an sln file or a csproj/vcxproj project file). "-o" is the path to the report file to be written. "-e" is the root of the source tree; PVS-Studio uses it to generate relative paths in the report, which is what GitHub needs to map warnings onto files in the repository.
The result is a plog file, which now has to be converted to SARIF. That is what PlogConverter is for.
Converting Plog to SARIF
A few words about PlogConverter. PlogConverter is a utility that converts PVS-Studio reports into other formats, SARIF among them.
PlogConverter.exe ships with PVS-Studio and lies in the same directory as "PVS-Studio_Cmd.exe". Run it as follows:
PlogConverter.exe "D:\Use_SARIF_Example\results.plog" \
-o "D:\Use_SARIF_Example" -t sarif -n results
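To make concrete what PlogConverter produces and what the upload workflow consumes, here is an added example (not the article's or PVS-Studio's code) that builds a minimal SARIF 2.1.0 log for the C++ sample above and checks that every result path is repository-relative, which is why the -e switch matters. The rule id, message text and file name are constructed placeholders.

```python
"""Minimal SARIF 2.1.0 builder and path checker (added example, not PVS-Studio code)."""
from typing import Dict, List, Tuple

# (rule_id, level, message, repo-relative path, line). Constructed sample describing
# the 'chx = -1' line of the article's C++ snippet; the rule id is a placeholder,
# not a real PVS-Studio diagnostic number.
SAMPLE_RESULTS: List[Tuple[str, str, str, str, int]] = [
    ("EXAMPLE001", "warning",
     "Negative constant -1 is assigned to unsigned variable 'chx'.", "main.cpp", 4),
]


def build_sarif(tool_name: str, results: List[Tuple[str, str, str, str, int]]) -> Dict:
    """Return a SARIF 2.1.0 log with a single run; rule metadata is deduplicated."""
    rule_ids = sorted({rid for rid, *_ in results})
    return {
        "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
        "version": "2.1.0",
        "runs": [{
            "tool": {"driver": {"name": tool_name,
                                "rules": [{"id": rid} for rid in rule_ids]}},
            "results": [{
                "ruleId": rid,
                "level": level,
                "message": {"text": text},
                "locations": [{"physicalLocation": {
                    # %SRCROOT% marks the path as relative to the repository root,
                    # which is how GitHub maps a result onto a file in the repo.
                    "artifactLocation": {"uri": uri, "uriBaseId": "%SRCROOT%"},
                    "region": {"startLine": line},
                }}],
            } for rid, level, text, uri, line in results],
        }],
    }


def absolute_uris(sarif: Dict) -> List[str]:
    """List result URIs that are absolute (drive letter, leading slash or file: scheme).

    Such paths appear when the analyzer is run without a source-tree root (the -e
    switch above); GitHub cannot attach them to files in the repository."""
    bad = []
    for run in sarif.get("runs", []):
        for res in run.get("results", []):
            for loc in res.get("locations", []):
                uri = loc["physicalLocation"]["artifactLocation"]["uri"]
                if uri.startswith(("/", "file:")) or (len(uri) > 1 and uri[1] == ":"):
                    bad.append(uri)
    return bad
```

Running absolute_uris over a converted report before committing it is a cheap way to catch a missing -e before the workflow uploads a report whose alerts point nowhere.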
Now upload the resulting SARIF file to the repository, for example via "Add file -> Upload files".
Once the SARIF file is uploaded, the workflow starts. Its progress can be followed in the "Actions" tab.
When it finishes, open the "Security" tab and go to "Code scanning alerts -> PVS-Studio".
Working with the SARIF report in GitHub
Now let's see what happens when the code changes. Suppose we modified the project, re-ran the analysis and uploaded a new SARIF report. Let's extend the C++ example:
#include <cmath>
#include <iostream>

void f(unsigned int ch)
{
    unsigned int chx = -1;
    if (ch >= 0x0fff0)
    {
        if (!((ch >= 0x0FF10) && (ch <= 0x0FF19))
          || ((ch >= 0x0FF21) && (ch <= 0x0FF3A))
          || ((ch >= 0x0FF41) && (ch <= 0x0FF5A)))
        {
            ch = chx;
        }
    }
}

int ComputeProjectionMatrixFOV(float fov)
{
    float yScale = 1.0 / tan((3.141592538 / 180.0) * fov / 2);
    return yScale;
}

int main()
{
    std::cout << "error" << std::endl;
}
Then we repeat the steps: run the analysis, convert the report to SARIF and upload it to the repository (replacing the previous file).
Go to "Security" -> "Code scanning alerts" -> "PVS-Studio" and choose the "Branch" filter. The new warnings appear in the list.
This works, but every step is manual. The whole chain (running the analysis, converting the report to SARIF, uploading the SARIF file) can be scripted, for example in a bat file.
What can you do with the warnings?
Let's take a closer look at the list of warnings. Each warning has a state: "Open" or "Closed". "Open" means the warning is active and has not been handled yet. "Closed" means it has been fixed or dismissed.
GitHub lets you dismiss a warning as "false positive", "used in tests" or "won't fix" :). To do so, select the warnings (via the checkbox) and click "Dismiss".
Dismissed warnings do not come back when a new SARIF report is uploaded.
They disappear from the "Open" list and move to "Closed". If needed, open the "Closed" list, select the warning and click "Reopen".
Warnings that are fixed in the code are handled automatically: after the next SARIF report is uploaded, they move from "Open" to "Closed". Code scanning also works with pull requests: a SARIF report uploaded for a pull request is shown in that pull request.
Only C++?
Of course not. SARIF is language-independent: what matters is that the analyzer can produce it. PVS-Studio analyzes C++, C# and Java. Let's check with a C# project; the steps are exactly the same as for C++. Here is the code:
using System;
using System.Collections.Generic;
using System.Linq;

namespace TestSarif
{
    class Program
    {
        static void Main()
        {
            var result = Formula42(3, 5);
        }

        static int Formula42(int? coefficientA, int? coefficientB)
        {
            var data = new List<int>();
            if (coefficientA != null)
                data.Add(Formula42(coefficientA.Value));
            else if (coefficientB != null)
                data.Add(Formula42(coefficientA.Value));
            return data.SingleOrDefault();
        }

        static private int Formula42(int coefficient)
        {
            return coefficient;
        }
    }
}
Summing up: SARIF is a convenient, universal format for static analysis results. Besides GitHub, it is supported by VS Code and other tools, so once the analyzer produces SARIF, the same report can be viewed wherever the format is understood.
English version of this article: Nikolay Mironov, Evgeniy Ovsannikov. How to Get Nice Error Reports Using SARIF.